VYPR

paFileDB

by paFileDB

CVEs (12)

  • CVE-2007-3808Jul 17, 2007
    Php Arena
    Pafiledb
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000.

  • CVE-2005-0782May 2, 2005
    Php Arena
    Pafiledb
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php.

  • CVE-2005-0952May 2, 2005
    Php Arena
    Pafiledb
    risk 0.03cvss epss 0.04

    Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

  • CVE-2005-0780Mar 12, 2005
    Php Arena
    Pafiledb
    risk 0.03cvss epss 0.04

    paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a…

  • CVE-2004-1551Dec 31, 2004
    Php Arena
    Pafiledb
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter.

  • CVE-2005-2723Aug 30, 2005
    Php Arena
    Pafiledb
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in auth.php in PaFileDB 3.1, when authmethod is set to cookies, allows remote attackers to execute arbitrary SQL commands via the username value in the pafiledbcookie cookie.

  • CVE-2005-0326May 2, 2005
    Php Arena
    Pafiledb
    risk 0.00cvss epss 0.00

    pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script.

  • CVE-2005-0724May 2, 2005
    Php Arena
    Pafiledb
    risk 0.00cvss epss 0.00

    paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9)…

  • CVE-2005-0327May 2, 2005
    Php Arena
    Pafiledb
    risk 0.00cvss epss 0.01

    pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php.

  • CVE-2005-0723Mar 8, 2005
    Php Arena
    Pafiledb
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using…

  • CVE-2004-1219Jan 10, 2005
    Php Arena
    Pafiledb
    risk 0.00cvss epss 0.01

    paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated…

  • CVE-2004-1974Apr 27, 2004
    Php Arena
    Pafiledb
    risk 0.00cvss epss 0.00

    paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or (10) stats.php, which reveals the path in an…